MDKSA-2002:064

Problem description

A vulnerability was discovered in Konqueror's cross site scripting
protection, in that it fails to initialize the domains on sub-(i)frames
correctly. Because of this, javascript may access any foreign subframe
which is defined in the HTML source, which can be used to steal cookies
from the client and allow other cross-site scripting attacks. This
also affects other KDE software that uses the KHTML rendering engine.
This is fixed in KDE 3.0.3a, and the KDE team provided a patch for
KDE 2.2.2. This patch has been applied to the following packages.
After upgrading kdelibs, you must restart KDE in order for the fix to
work.